Monday, April 24, 2006

SIEM Market is a Failure... Now we Know Why!

Some quotes pretty much tell all - read this exciting blog post from analyst Eric Ogren...

"I have always regarded Security Event Management (SEM) as the most dysfunctional segment in the security industry."

"SEM vendors would always preach rapid response and attack prevention, even though they only examine log file entries written long after the attack has come and gone."

"It has just been a brain-dead market segment."

And, on the other hand, what is needed is a "good place to collect, filter, and manage audit logs of corporate activity."

In other words, log management with a brain (intelligence). Because "you wouldn't think of running your business without independent corporate auditing, you shouldn't think of running IT without auditing"!

2 comments:

Anonymous said...

Hmmm....didn't you used to work for a SIM vendor? Welcome to America, Anton; where your opinions change depending upon who pays you.

Anton Chuvakin said...

I certainly did.

But you are confusing the CONSEQUENCE with the REASON... I got somewhat disillusioned in SIM and that was part of the the reason for my departure...

Dr Anton Chuvakin